TREZOR Integration in MetaMask

Using MetaMask just got more secure than ever

Some background first

In cryptocurrency, your accounts are only as safe as your keys, and if they’re on your computer, you’re just one hack away from a theft.

This is why everyone recommends you use a hardware wallet, since it’s one of the most secure ways to keep your funds safe.

However, that level of security comes with a price: it’s a bit impractical to move your funds in & out every time you need to use a ÐApp, exchange, or participate in an ICO. You need to wait for those extra transactions to be confirmed and also pay the extra network fees.

At MetaMask we care a LOT about our users’ security, and that’s why we’ve been working hard the past few months to be able to finally ship Hardware Wallet support for TREZOR in version 4.9.0 of the MetaMask extension, which also comes with a few other cool features like automatic token detection, ENS+IPFS support and more! (full changelog here)

This new feature took us some time because we wanted to get this right from scratch. This required a really big code refactor so that we could easily integrate different key signing strategies which our very own Dan Finlay handled like a pro!

It’s official: MetaMask now supports TREZOR

From now on, you can link your TREZOR device to MetaMask and you will be able to:

- Sign messages — This will allow you to login / sign up to certain ÐApps like CryptoKitties

Signing messages with your TREZOR via MetaMask

… and basically everything that you were allowed to do before with MetaMask with one huge difference:

Your private keys ALWAYS stay in your TREZOR Hardware wallet.

Last but not least, there’s another point that’s worth mentioning… you might have seen that some ÐApps let you to use your hardware wallets directly, (and that’s great!) but that only works if the ÐApp developer spent the extra time implementing the integration.

By adding hardware wallet support inside MetaMask, we are allowing every single ÐApp that works with MetaMask to be used securely with a Hardware Wallet.

We hope that this kind of feature will increase the confidence and security in the entire Ethereum ÐApp ecosystem.

How does it work?

Once you connect any Ethereum account from your TREZOR device, MetaMask will treat that account just like any other account, with the only difference being that every time you need to sign a transaction, you’ll need to connect your TREZOR device and MetaMask will send a request to it to sign that specific transaction. Signing happens 100% inside your TREZOR device and your private keys are never exposed.

Another cool thing is that you don’t need to keep your TREZOR device connected all the time in order to see your different accounts and balances, but of course you can also opt to disconnect your device from MetaMask and link it again the next time you need to use it.

How to try it

First of all, you need to have the latest version of MetaMask installed in Google Chrome (other browsers will be supported in the future) and make sure you’re using the NEW UI, which is still in beta (but not for too long!). Then follow these steps:

Click on your account icon at the top right and you will see a new item “Connect Hardware Wallet”.

Plug in your TREZOR device to your computer and click “Connect To TREZOR”.

You will get a popup from TREZOR asking you for permission to export the public key, and once you confirm, you will see the list of Ethereum accounts from your TREZOR device in the MetaMask extension.

We’ve also added the ability to remove imported accounts, so if you want to stop seeing any that you imported into MetaMask, you can remove it like this.

What’s next?

We’re looking forward to adding Ledger hardware wallet support and we’re currently exploring the different approaches we could take since both Ledger and TREZOR offer different ways to integrate with third-party applications like MetaMask.

We hope you enjoy this feature, and if you have any feedback please leave us a comment!